# Okta AD Integration Resources
# Okta group that the group rule in this file assigns matching users to.
# Name and description are both supplied through input variables.
resource "okta_group" "ad_users" {
  description = var.ad_group_description
  name        = var.ad_group_name
}
# Group rule that assigns users to okta_group.ad_users when the expression
# below matches them. Group membership commonly drives application access,
# so this expression is effectively an access-control decision.
#
# NOTE(review): var.ad_group_name is interpolated straight into the expression
# string. A value containing a double quote or a backslash would change the
# meaning of the expression, so the variable should be constrained with a
# `validation` block where it is declared (declaration not visible here).
# NOTE(review): the condition matches on the same name okta_group.ad_users is
# created with; presumably an AD-imported group shares that name -- confirm
# the rule is not keyed off its own target group.
resource "okta_group_rule" "ad_users_rule" {
  name              = "AD Users Rule"
  status            = "ACTIVE"
  group_assignments = [okta_group.ad_users.id]
  expression        = "isMemberOfAnyGroupName(\"${var.ad_group_name}\")"
}
# Profile mapping from the Active Directory source to the Okta user profile.
# The individual attribute mappings come from var.ad_user_profile_mappings.
#
# NOTE(review): the Okta provider documents okta_profile_mapping with
# `source_id` / `target_id` arguments and repeated `mappings` blocks. Confirm
# with `terraform validate` that `source`, `target` and `attribute_mappings`
# are accepted by the provider version in use.
# NOTE(review): these mappings decide which directory attributes become Okta
# profile attributes; if any mapped attribute feeds group rules or app
# assignments, changes to the variable should be reviewed as access changes.
resource "okta_profile_mapping" "ad_to_okta_mapping" {
  attribute_mappings = var.ad_user_profile_mappings

  source {
    type = "ACTIVE_DIRECTORY"
  }

  target {
    type = "OKTA"
  }
}
# SailPoint Configuration for AD-Okta Identities
# Fetches the identity-source list from the SailPoint API, authenticating with
# a bearer token taken from var.sailpoint_api_token.
#
# NOTE(review): the Authorization header is an argument of this data source,
# so the token is likely to be recorded in Terraform state in plaintext.
# Declare the variable with `sensitive = true` (declaration not visible here),
# keep state in an encrypted, access-controlled backend, and prefer a
# short-lived, least-privilege token.
# NOTE(review): nothing here requires var.sailpoint_api_url to be an https://
# URL; a plain-http value would send the token unencrypted. A `validation`
# block on the variable would enforce the scheme.
data "http" "sailpoint_identity_sources" {
  request_headers = {
    Authorization = "Bearer ${var.sailpoint_api_token}"
  }

  url = "${var.sailpoint_api_url}/v3/identity-sources"
}
# Triggering Identity Sync
# Sends a POST with a JSON body to the SailPoint identity-source sync endpoint.
#
# NOTE(review): the hashicorp/http provider documents only an `http` data
# source, not a managed resource. Confirm which provider is expected to supply
# `resource "http"`; as written this may fail `terraform validate`.
# NOTE(review): sourceId is set to the entire response body of the
# identity-sources lookup, not to an ID extracted from it. Presumably the body
# has to be decoded (jsondecode) and the intended source's ID selected --
# confirm against the API's response shape. `body` is also deprecated in
# favour of `response_body` in newer releases of the http provider.
# NOTE(review): the bearer token in request_headers is likely to be stored in
# Terraform state in plaintext; the variable should be marked
# `sensitive = true` and the state backend encrypted and access-controlled.
resource "http" "sailpoint_identity_sync" {
  method = "POST"
  url    = "${var.sailpoint_api_url}/v3/identity-sources/sync"

  request_headers = {
    Content-Type  = "application/json"
    Authorization = "Bearer ${var.sailpoint_api_token}"
  }

  # The original author's assumption: the ID is retrieved from the
  # identity-sources data lookup.
  request_body = jsonencode({
    sourceId = data.http.sailpoint_identity_sources.body
  })
}